Gluu and BioID: Server-side Biometric Authentication

BioID is a server side biometric platform that uses face, voice and eye modalities and liveness detection. Organisations can self-host or use BioID’s hosted API as a service. BioID publishes client software for iOS, Android and Javascript. User presence is verified through a highly accurate and strongly secured liveness detection algorithm. In the SaaS BioID Platform, users are referenced via an anonymous ID, providing privacy-protecting separation of biometric data and other personally identifying information, satisfying GDPR compliance through strong data protection and pseudonymized data handling. 

Although you probably want to build BioID in a mobile application, it was expedient for the Gluu engineers to use the laptop webcam to build our demo. The interception script implements a two-step authentication workflow where username/password is step one, and BioID’s biometric authentication is step two. It’s also possible to implement a one step biometric authentication. Gluu has also published a Casa plugin for BioID.

Detailed instructions for how to deploy the Gluu BioID interception script and Casa plugin can be found here

You can find more information about how to use BioID from their documentation:

  1. You can find all API reference at https://developer.bioid.com/bwsreference.
  2. Lots of useful information about BWS is available at https://developer.bioid.com/blog.
  3. For liveness detection, you will find information about motion trigger helpful: https://developer.bioid.com/app-developer-guide/bioid-motion-detection